WHAT IS CLAIMED IS: 



1. A method comprising:

populating a directory with entries for each of a plurality of users of a multi-user
computing environment, wherein each entry in the directory comprises a
user ID and one or more group names;

determining a first group access control list for a first one of the group names in
the directory, wherein the first group access control list comprises the user
IDs of users whose directory entries comprise the first group name;

for each data source in the multi-user computing environment which permits
access by the first group name, granting access to the data source to the
users in the first group access control list.



2. The method of claim 1, 

wherein each entry in the directory comprises a user password; and 
wherein the method further comprises authenticating each user ID using the 
associated user password. 



3. The method of claim 1,

wherein each entry in the directory comprises zero, one, or a plurality of 
hostnames; 

wherein the directory comprises a first hostname; and 

wherein the method further comprises: 

for each data source in the multi-user computing environment which 
permits access by the first hostname, granting access to the data 
source to the one or more users whose directory entries comprise 
the first hostname and who are seeking access from the host 
having the first hostname. 

4. The method of claim 1,

wherein the data source comprises a file or a directory in a file system coupled to 
the multi-user computing environment. 

5. The method of claim 1, 

wherein the access comprises read access; and 

wherein the granting access to the data source to the users in the first group access 
control list comprises permitting the users in the first group access control 
list to read the data source. 

6. The method of claim 1,

wherein the access comprises write access; and 

wherein the granting access to the data source to the users in the first group access 
control list comprises permitting the users in the first group access control 
list to write to the data source. 

7. The method of claim 1, 

wherein the access comprises execute access; and 

wherein the granting access to the data source to the users in the first group access 
control list comprises permitting the users in the first group access control 
list to execute the data source. 

8. The method of claim 1,

for each data source in the multi-user computing environment which permits 
access by the first group name and owner but denies access to others, 
denying access to the data source to users who are not in the first group 
access control list and who are not the owner of the data source. 

9. The method of claim 1,

wherein the multi-user computing environment comprises a UNIX-based
operating system. 



10. A system comprising:

a file system which comprises one or more data sources including a first data
source;

a directory server which is operable to store a plurality of directory entries for a
plurality of users, wherein each directory entry comprises a user ID and
one or more group names which denote groups to which the user ID
belongs, wherein at least one of the directory entries comprises a first
group name; and

a first group access control list which is generated from the directory entries,
wherein the first group access control list comprises the at least one user
IDs belonging to the first group name, and wherein the first group access
control list is usable to permit access to the first data source to user IDs
belonging to the first group name.



11. The system of claim 10,

wherein each entry in the directory comprises a user password, wherein the user
password is usable to authenticate the corresponding user ID for access to
the one or more data sources.



12. The system of claim 10, further comprising: 

a host computer system coupled to the file system;

wherein each entry in the directory comprises zero, one, or a plurality of host
names such that the directory server comprises a first host name
corresponding to the host computer system, and wherein access is granted
to the first data sources to users seeking access from the host computer
system.

13. The system of claim 10,

wherein the access to the first data source comprises read access. 

14. The system of claim 10,

wherein the access to the first data source comprises write access. 

15. The system of claim 10,

wherein the access to the first data source comprises execute access. 

16. The system of claim 10, further comprising:

an operating system which is operable to restrict user access to the data sources in 
the file system. 

17. A carrier medium comprising program instructions which are computer- 
executable to implement: 

populating a directory with entries for each of a plurality of users of a multi-user 
computing environment, wherein each entry in the directory comprises a
user ID and one or more group names; 

determining a first group access control list for a first one of the group names in 
the directory, wherein the first group access control list comprises the user 
IDs of users whose directory entries comprise the first group name; 

for each data source in the multi-user computing environment which permits 
access by the first group name, granting access to the data source to the 
users in the first group access control list. 

18. The carrier medium of claim 17, 

wherein each entry in the directory comprises a user password; and 
wherein the program instructions are further computer-executable to implement
authenticating each user ID using the associated user password. 

19. The carrier medium of claim 17,

wherein each entry in the directory comprises zero, one, or a plurality of
hostnames;

wherein the directory comprises a first hostname; and

wherein the program instructions are further computer-executable to implement:
for each data source in the multi-user computing environment which
permits access by the first hostname, granting access to the data
source to the one or more users whose directory entries comprise
the first hostname and who are seeking access from the host
having the first hostname.

20. The carrier medium of claim 17,

wherein the data source comprises a file or a directory in a file system coupled to 
the multi-user computing environment. 

21. The carrier medium of claim 17,

wherein the access comprises read access; and

wherein the granting access to the data source to the users in the first group access 
control list comprises permitting the users in the first group access control 
list to read the data source. 

22. The carrier medium of claim 17,

wherein the access comprises write access; and 

wherein the granting access to the data source to the users in the first group access 
control list comprises permitting the users in the first group access control 
list to write to the data source. 

23. The carrier medium of claim 17,

wherein the access comprises execute access; and 

wherein the granting access to the data source to the users in the first group access
control list comprises permitting the users in the first group access control
list to execute the data source.



24. The carrier medium of claim 17, wherein the program instructions are further
computer-executable to implement:

for each data source in the multi-user computing environment which permits
access by the first group name and owner but denies access to others,
denying access to the data source to users who are not in the first group
access control list and who are not the owner of the data source.



25. The carrier medium of claim 17,

wherein the multi-user computing environment comprises a UNIX-based 
operating system. 
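
The access decision recited in claims 1, 3 and 8, as an added Python illustration that is not part of the claims or of any implementation by the applicant. All names (Entry, DataSource, group_acl, host_acl, allowed, the sample users and host) are hypothetical, and treating a hostname match as granting any access type is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:                        # one directory entry (claims 1 and 3)
    user_id: str
    groups: frozenset
    hostnames: frozenset = frozenset()

@dataclass(frozen=True)
class DataSource:                   # a file or directory (claim 4)
    owner: str
    group: str
    mode: int                       # UNIX owner/group/other bits, e.g. 0o750
    hosts: frozenset = frozenset()  # hostnames this source permits

# Constructed sample directory; every name here is hypothetical.
DIRECTORY = [
    Entry("alice", frozenset({"eng"}), frozenset({"build01"})),
    Entry("bob", frozenset({"eng"})),
    Entry("carol", frozenset({"hr"}), frozenset({"build01"})),
]
BITS = {"read": 4, "write": 2, "execute": 1}   # claims 5 to 7

def group_acl(directory, group):
    """Claim 1: user IDs of all entries that list the group name."""
    return {e.user_id for e in directory if group in e.groups}

def host_acl(directory, hostname):
    """Claim 3: user IDs of all entries that list the hostname."""
    return {e.user_id for e in directory if hostname in e.hostnames}

def allowed(directory, src, user, access, from_host=None):
    """Decide one request; the ACLs are regenerated from the directory."""
    bit = BITS[access]
    if user == src.owner:
        return bool((src.mode >> 6) & bit)
    if user in group_acl(directory, src.group):
        return bool((src.mode >> 3) & bit)
    # Claim 3: the source permits this host, the user's entry lists it,
    # and the request comes from it (assumed here to grant any access).
    if from_host in src.hosts and user in host_acl(directory, from_host):
        return True
    # Claim 8: with the "other" bits clear, everyone else is denied.
    return bool(src.mode & bit)

REPORT = DataSource(owner="dave", group="eng", mode=0o750,
                    hosts=frozenset({"build01"}))
```

Because the group access control list is derived from the directory on each call, removing a group name from a user's entry revokes that user's access on the next decision.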